PeerGuardian Linux

From ArchWiki
Revision as of 09:55, 28 October 2011 by Pierre Buard (Talk | contribs) (Created page with "Category:Networking (English) Category:Security (English) ''PeerGuardian Linux'' (pgl) is a privacy oriented firewall application. It blocks connections to and from host...")

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

PeerGuardian Linux (pgl) is a privacy oriented firewall application. It blocks connections to and from hosts specified in huge block lists (thousands or millions of IP ranges). pgl is based on the Linux kernel netfilter framework and iptables.

Note: WARNING: pgl may block your complete network/internet access! Using too many and/or inappropriate lists may seriously degrade your internet service.


There are two AUR packages to choose from: pgl-cli includes only the daemon and CLI tools, while pgl comes complete with a GUI (written using Qt).


All the configuration files are located in Template:Filename:

The most important aspect that you'll want to change as soon as possible are the preconfigured block lists. The default lists in Template:Filename block many potentially legitimate IP address, so use your best judgment and the information available at I-Blocklist to make your choice.

If you install pgl on a workstation, it is recommended to disable the filtering of HTTP connections. To do that, copy the following in Template:Filename:

WHITE_TCP_OUT="http https"

Also, depending on the lists you use, some program might not be able to reach the outside world. For instance, if you use MSN for instant messaging, you'll need to add port 1863 to the white list:

WHITE_TCP_OUT="http https 1863"

Conversely, you could white list all the ports except the ones used by the program you are trying to restrain. The following example only use the block lists to stop incoming traffic on ports 53 (DNS) and 80 (HTTP):

WHITE_TCP_IN="0:79 81:65535"
WHITE_UDP_IN="0:52 54:65535"

Starting up

Once you are comfortable with the configuration of both the daemon and the lists, type in:

# rc.d start pgl

To make sure that pgl works as intended, issue this command:

# pglcmd test

Should you want pgl to run automatically, just add “pgl” to your Template:Filename DAEMONS array.